
shared/utils/crypto/
openssl.rs

1use base64::Engine;
2use base64::prelude::BASE64_URL_SAFE_NO_PAD;
3use openssl::ec::{EcGroup, EcKey};
4use openssl::nid::Nid;
5use openssl::pkey::PKey;
6use openssl::rsa::Rsa;
7
8use crate::config::AlgorithmConfig;
9
/// Key-pair generator backed by the `openssl` crate.
///
/// The kind of key produced is chosen by the configured [`AlgorithmConfig`]
/// (variants visible in this file use JWS-style names such as `ES256`,
/// `RS256` and `EdDSA`).
#[derive(Clone, Default)]
pub struct Openssl {
    /// Algorithm identifier that decides which key type is generated.
    pub algorithm: AlgorithmConfig,
}

impl Openssl {
    /// Builds a generator that owns its own copy of `algorithm`.
    pub fn new(algorithm: &AlgorithmConfig) -> Self {
        let algorithm = algorithm.clone();
        Self { algorithm }
    }
}
22
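impl Openssl {
    /// Modulus size, in bits, used for every RSA-family algorithm (`RS*` and `PS*`).
    const RSA_KEY_BITS: u32 = 4096;

    /// Generates a fresh key pair for the configured algorithm.
    ///
    /// Returns `(private_key, public_key)`. Each element is the key's PEM text
    /// encoded with unpadded URL-safe base64.
    ///
    /// # Security
    ///
    /// * Base64 is an encoding, not encryption: the first tuple element is the
    ///   unencrypted private key. Treat it as a secret: keep it out of logs,
    ///   error messages and any storage that is not access-controlled.
    /// * The PEM buffers and the returned `String`s are ordinary heap
    ///   allocations and are not wiped when dropped.
    /// * Private-key containers differ by algorithm: RSA keys are emitted as
    ///   PKCS#1 (`BEGIN RSA PRIVATE KEY`), EC and Ed25519 keys as PKCS#8
    ///   (`BEGIN PRIVATE KEY`). Public keys are SubjectPublicKeyInfo in all
    ///   cases. Consumers must accept both private-key formats.
    ///
    /// # Panics
    ///
    /// Panics if OpenSSL fails to generate or serialize the key.
    pub fn gen_prv_pub_key(&self) -> (String, String) {
        match self.algorithm {
            AlgorithmConfig::EdDSA => self.gen_ed(),
            // ES256 signs over NIST P-256, ES384 over NIST P-384.
            AlgorithmConfig::ES256 => self.gen_ec(Nid::X9_62_PRIME256V1),
            AlgorithmConfig::ES384 => self.gen_ec(Nid::SECP384R1),
            // PKCS#1 v1.5 (RS*) and PSS (PS*) use the same kind of RSA key; the
            // generated key is a plain RSA key and is not restricted to one scheme.
            AlgorithmConfig::RS256
            | AlgorithmConfig::RS384
            | AlgorithmConfig::RS512
            | AlgorithmConfig::PS256
            | AlgorithmConfig::PS384
            | AlgorithmConfig::PS512 => self.gen_rsa(),
        }
    }

    /// Generates an RSA key pair of [`Self::RSA_KEY_BITS`] bits.
    ///
    /// The private key is serialized as PKCS#1 PEM, the public key as
    /// SubjectPublicKeyInfo PEM.
    ///
    /// # Panics
    ///
    /// Panics if key generation or PEM serialization fails.
    fn gen_rsa(&self) -> (String, String) {
        let rsa = Rsa::generate(Self::RSA_KEY_BITS).expect("Failed to generate RSA key");

        let private_key_pem = rsa
            .private_key_to_pem()
            .expect("Failed to encode private key");
        let public_key_pem = rsa
            .public_key_to_pem()
            .expect("Failed to encode public key");

        Self::encode_pair(&private_key_pem, &public_key_pem)
    }

    /// Generates an elliptic-curve key pair on the curve identified by `nid`.
    ///
    /// The private key is serialized as PKCS#8 PEM, the public key as
    /// SubjectPublicKeyInfo PEM.
    ///
    /// # Panics
    ///
    /// Panics if the curve cannot be loaded, or if key generation or PEM
    /// serialization fails.
    fn gen_ec(&self, nid: Nid) -> (String, String) {
        let group = EcGroup::from_curve_name(nid).expect("Failed to load EC curve group");
        let ec_key = EcKey::generate(&group).expect("Failed to generate EC key");
        // Wrap in a PKey so the private key can be written as PKCS#8.
        let pkey = PKey::from_ec_key(ec_key).expect("Failed to wrap EC key in PKey");

        let private_key_pem = pkey
            .private_key_to_pem_pkcs8()
            .expect("Failed to encode private key");
        let public_key_pem = pkey
            .public_key_to_pem()
            .expect("Failed to encode public key");

        Self::encode_pair(&private_key_pem, &public_key_pem)
    }

    /// Generates an Ed25519 key pair.
    ///
    /// The private key is serialized as PKCS#8 PEM, the public key as
    /// SubjectPublicKeyInfo PEM.
    ///
    /// # Panics
    ///
    /// Panics if key generation or PEM serialization fails.
    fn gen_ed(&self) -> (String, String) {
        let pkey = PKey::generate_ed25519().expect("Failed to generate Ed25519 key");

        let private_key_pem = pkey
            .private_key_to_pem_pkcs8()
            .expect("Failed to encode private key");
        let public_key_pem = pkey
            .public_key_to_pem()
            .expect("Failed to encode public key");

        Self::encode_pair(&private_key_pem, &public_key_pem)
    }

    /// Encodes a `(private, public)` pair of PEM buffers as unpadded URL-safe base64.
    fn encode_pair(private_pem: &[u8], public_pem: &[u8]) -> (String, String) {
        (
            BASE64_URL_SAFE_NO_PAD.encode(private_pem),
            BASE64_URL_SAFE_NO_PAD.encode(public_pem),
        )
    }
}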